Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords


A patched Outlook vulnerability (CVE-2023-35636) could have allowed threat actors to access NT LAN Manager (NTLM) v2 hashed passwords through a specially crafted file, potentially exploited via email or web-based attacks. The flaw, addressed in December 2023, was associated with the calendar-sharing function in Outlook, exposing NTLM hashes during authentication. Varonis researcher Dolev Taler noted that NTLM hashes could be leaked using Windows Performance Analyzer and Windows File Explorer, with these attack methods remaining unpatched. Microsoft plans to discontinue NTLM in Windows 11 for enhanced security.

Read More…